Security management

Behavox is a member of the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.

Consensus Assessment Initiative Questionnaire for Behavox is available online.

Security of systems and data

Encryption of data at-rest in the cluster using HBase Transparent Encryption (AES-256)

User authorisation and authentication via Kerberos

Access strictly through VPN channels

Only remote desktop access to the client environment strictly on the basis of a genuine business need

Restrictions policy prohibiting the host from executing any prohibited data-related requests (e.g. copying data to the buffer, pasting the data from the buffer etc.) sent by the user

Strong passwords that are being regularly rotated

Continuous logging of all activity on both infrastructure and application levels

Input and output data integrity routines are continuously carried out together with regular and automatic data integrity checks of data in WORM storage

Security controls and independent audits

Going forward Behavox will be subject to the continuous independent third-party CSA STAR Attestation audit. The first assessment results are expected to be available in Summer 2017

Starting from Spring 2017 Behavox systems will be subject to regular external penetration testing exercises based upon the OWASP (Open Web Application Security Project) Top 10 and performed by CREST-certified testers